An Garda Siochana

Coirnisinir Carita Forbartha Agrafochta agus Pleanail Straitiseach Ceanncheathru~ An Gharda Siochana Pairc an Fhionnul~sce Daile ha Cliath 8
Teileaf6n/Tel: (01) 666 1901 Facs/Fax: (01) 666 1905

Assistant Commissioner Organisation Developm~ent Strategic ~Planning Garda Headquarters Phoenix Park Dublin 8
Lai~ thre Grdan/Web Site: www.garda.ie Riomhphost:/Email: Commissioner_ST@garda.ie

Luaigh an uimhir thagartha seo a /eanas.' PLease quote the following ref. number.Treoir Ceanncheathn ! HQ Directive No: 95/2012

Gach Oifigeach, Cigire agus Staisiun - Each Officer, Inspector and Station Is doicimid faoi iontaoibh seo le h-usaid ag pearsanra den Gharda Siochana amhain This is a confidential document for use only by personnel of An Garda Sfocharla

RE:

Data Protection in An Garda Siochana

Data Protection Acts 1988 & 2003 In accordance with HQ Directive 158/2007, the Garda Commissioner is the Data Controller ~for the purposes of the Data Protection Acts 1988/2003 and has ultimate responsibility for the compliance by every employee of An Garda Siocha with the Acts. In this regard the Code of Practice for Data Protection has been issued to every staff member of An Garda Siocha. The aim of the Code of Practice is to ensure each employee has a clear understanding of his/her responsibilities regarding these Acts. Definition of Data The term `data` means information in a form that can be processed It includes both automated or electronic data and manual data. Automated data means any information on a computer or information recorded with the intention of putting it on a computer. Examples of this are entries on the PULSE system or any other electronic database. Manual data means information that is kept as part of a relevant ming system or with the intention that it should form part of a relevant filing system. Examples of this are all traditional paper files such as investigation files and reports and statements as well as personnel and financial records and duty rosters prepared as part of normal operational duties. Section 4 Data Protection Code of Practice (page 7) DATA PROTECTION RULES EACH MEMBER OF AN GARDA SjOCIIANA MUST ADHERE TO: I. 2. 3. 4. 5. 6. 7. 8. Obtain and process information fairly Keep it only for one or more specified, explicit and lawful purposes Use and disclose it only in ways compatible with these purposes Keep it safe and secure Keep it accurate, complete and up-to-date Ensure that it is adequate, relevant and not excessive Retain it for no longer than is necessary for the purpose or purposes Give a copy of his/her personal data to the relevant individual, on request

Ag obair /e Pobai/ Chan !ad a chosaint agus Chan freastaX orthu I Working with Communities to Protect and Serve

Ownership of Data Protection and Data Protection Code of Practice In accordance with HQ Directive 93/2011 and HQ Directive 36/2012. ownership of Data Protection and the Data Protection Code of Practice transferred from Assistant Commissioner Crime and Security to Assistant Commissioner Organisation Development and Strategic Planning on 1 May 2012. Data Protection Access Requests Data Protection Access Requests made to An Garda Sfocha by individuals seeking access to their persona! data are processed at the Data Protection Processing Unit which is located within the Garda Central Vetting Unit. A statutory timeframe of 40 days exists for the processing of such a request. Accordingly all Data Protection Access Requests received from individual Data Subjects at any Garda Station or office of An Garda Sfochana will be immediately forwarded for processing to: Superintendent Data Protection Processing Unit An Garda Siochana Racecourse Road Thurles Co. Tipperary Data Protection Access Requests may, in some instances, be transmitted from the Data Protection Processing Unit to divisions, districts and sections to establish the existence of personal data. In such cases ALL information related to the person will be forwarded to the Data Protection Processing Unit not later than I O days before the 40 day time limit where the material will be assessed and a decision on disclosure will be made on a case by case basis. District and Divisional Officers may make recommendations as to disclosure or non" disclosure of material but a final decision will be made in all cases by Superintendent, Data Protection Processing Unit. Compliance with Data Protection Acts: PULSE Reason for Enquiry Significant concerns have been raised about PULSE usage and compliance with the Data Protection Act 1988/2003 within An Garda Siochana. Areas of PULSE usage which are causing concerns are searches on persons, vehicles and organisations where the Reason for Enquiry box is not being completed or is only partially completed. This is not acceptable. The Data Protection code of Practice states that accessing or disclosing personal data for any purpose other than that for which it is obtained is prohibited , therefore it is essential when enquiries are carried out on Items of interest i.e. Persons Vehicles Locations, full informatl~on should be included in the reason' for enquiry field in accordance with the instructions at Code 32.15(3) and HQ Directive 14/2001. There will be no exceptions to this. Audit of PULSE enquiries Accessing information that is in possession of An Garda Siocharia for non-business purposes is prohibited. In order to protect the reputation of An Garda Siocha in this regard, individual enquiries conducted by Garda personnel on PULSE will be audited forthwith. The audit will take the form of a district/station/individual audit of all person, vehicle and organisation searches in report format. The Garda Professional Standards Unit are responsible for the examination of the implementation of Data Protection Policy, Procedures and Legislative requirements. The examinations will include random electronic audits of District/Station/Individual records of all Person Vehicle and Location searched and any irregularities identified will be reported to local management for necessary attention. Random auditing will occur from 6 December 2012.

41gobair LePobail chun lad a chosa!nt agus Chan freastal orthu\

Works~ngwith Communities to Protect and Serve

Inappropriate disclosure of information Inappropriate release of any data in the possession of An Garda Sfochana to external agencies or individuals is prohibited. Unauthorised release of Garda information to any source external to An Garda Siocharla will be fully investigated and processed in accordance with the Garda SiochSn~a (Discipline) Regulations 2007. The cn'rninal aspects of any inappropriate disclosure of information will also be fully investigated. Certification Divisional Officers will certify in writing to Assistant Commissioner Organisation Development and Strategic Planning that each employee has read and understood this directive and the documents referenced within~ Bring to the notice of all concerned. FOR STRICT COMPLIANCE

~ A.J. Nolan 6 December 2012

Assistant Commissioner

Ag obas'r le Pobai/ Chan lad a chosaint agus Chanfreastal orthu / Working with Communities to Protect and Serve